the obvious option is to request consent instead of violating people's privacy and make a dragnet data collection effort like this opt-in instead of opt-out.
but that's clearly not the intention here, because how dare anyone question someone else's motives/objectives/priorities for collecting data about devices they don't own. in fact, we're supposed to think this is the "nice" version because a google-funded nonprofit is doing it instead of google doing it unlawfully with cars or through waze.
seeing mozilla move in this direction while talking about how much they respect everyone's privacy is a strategic stumble indeed.
Did you ever count APs during a short walk in a relatively low density neighbourhood? You have hundreds in under 100m.
Tell me, how do you plan to ask each and every one of them? Ring on every doorbell?
-Sorry, is FritzBox!239?
-No, here is YouMakeTooMuchNoiseWTF
-Oh, I see, could you please pass a message to your neighbour? I'd very much appreciate if he could please fill in this form and send it back through paper mail to Mozilla…
that would be one respectful way to do it, and yes, challenging.
but the premise of your comment is that of course my device's SSID and related location should be collected in someone else's database because a google-funded nonprofit wrote an app for people to go wardriving with.
just because SSIDs can be legally observed and collected doesn't mean i have to be happy about it. I wasn't talking about this as a technical problem as much as an ethical/political one for an organization that claims to be committed to my privacy...except when it's not.
Hey, we're happy to hear about privacy concerns and ways that these might be addressed.
As for collecting your SSID information - devices are already storing SSIDs to do an active scan.
If you're not happy that the Mozilla Stumbler can record that SSID, you should probably also be unhappy that all WiFi devices capable of doing a probe request - which is basically all wifi devices.
As far as the ethics concern - I'll bite.
This is one of the privacy reasons why we do not publish the wifi database yet. We haven't figured out a way to do this without exposing too much personal data yet.
We've got some rough ideas on how to do this, but nothing good enough yet that we'd be willing to expose our users to this risk.
"devices are already storing SSIDs to do an active scan" - Not mine, although I would readily acknowledge that I'm in the minority and this is generally a truism.
And thank you for acknowledging privacy concerns over publishing the wifi database, although I'm personally still concerned whenever that information gets aggregated systematically, even if it's internal to Mozilla.
One way I think about privacy for data like this is respecting people's intentions. When most people set up wi-fi, I would argue that their intent is almost never to help Mozilla or Google precisely locate phones or IP addresses; it's to connect wirelessly to the internet. More to the point, it's hard to find out someone's intention without asking them. Kudos to Mozilla for getting people to wardrive consensually; but that may still not make me feel much better if I'm just someone with wi-fi.
Just to clarify, the Mozilla Stumbler apps look at SSIDs (to filter out "_nomap" and known mobile phone and transportation networks), but the SSIDs are not reported to the Mozilla Location Service. The BSSID/MAC addresses are, though.
Since you are underlining the provenance of Mozilla's budget, I guess that when Google stops financing Mozilla everything will change for you. Otherwise you are just lining up words to make a big impression but without any meaning or clue at all.
Don't you want everyone to observe your SSID? Hide it. You are cluttering the public's ether, so you are subject to public scrutiny. Don't you want to add "no_map" to the end of it? Shut up.
Or just do what Buckminster Fuller told you to do: do not criticize a system but build a new and better one to obsolete the one that doesn't work. I promise to print your form if you start with a better approach. Unless you are not a complete idiot and understand that it is a theoretically possible way to deal with the problem but not a feasible one. Anyway, go on, just complain and talk nonsense: it will help. A lot.
i don't think i was the first or the only person to point out the similarity of this data collection program to google's street view program and related legal/policy/privacy issues that arose with it.
as engineers, we often end up offering people choices that aren't really choices. for my grandmother's ISP-provided wi-fi access point, adding no_map to her SSID isn't a choice she's prepared to make, and i don't think those are reasonable expectations for the average user.
when people suggest otherwise, i think that part of what they seem to be arguing is that the technical problem they're trying to solve--often for commercial gain--is more important than being respectful of other people. people shouldn't have to know how to hide their SSID or add "no_map" to their SSID to stay out of large databases by default.
my view is that the world is a better place when information sharing is consensual, even when it's otherwise legal to obtain that information. i think that's a better world than one in which we tell people to hide their SSIDs or add "no_map" to them. i'm interested in building software and systems that respect people and their devices.
I don't see your point. If you are ignorant enough to not know how to secure against such measly attempts at privacy breach, how will you secure against a more determined hacker?
Furthermore the SSID is publicly broadcast, so that any device you authorized can identify and connect.
i didn't say i didn't know how to secure against something like this or that it was not legal.
my point was that this approach to data collection, consent, and privacy sharply and directly contradicts claims mozilla makes to users about being committed to their privacy. i think this reflects the opposite.
maybe a better analogy would be someone from the ACLU photographing everyone they saw in public: legal and easy to defend against, but hypocritical/not cool in my opinion and it might make me question the organization's priorities.
I understand what you're saying, but you have to draw the line between privacy and common sense at some point.
It has been understood for a while now that you have no expectation of privacy in public, at least as far as not being photographed, talked to, etc. Most people would probably agree that the paparazzi taking sneaky pictures of celebrities buying milk at Kroger aren't being very classy, but they'll also probably say it's fair game at that point.
Likewise, I would argue that broadcasting your SSID over the electromagnetic spectrum is public. As far as privacy is concerned (I have a slightly different opinion when it comes to security) I still haven't seen any compelling argument explaining how having your SSID mapped to a location is in any way a violation of privacy. Maybe you have one?
Sleazy paparazzi can exist in the world without breaking the law, but I expected more than that from Mozilla.
One hypothetical example: SSIDs often betray vendor names out of the box, and home routers are typically embedded devices that don't frequently receive security updates. Suppose Mozilla makes its database public and lists my SSID--or more likely, some weakly-secure hash of my SSID--in a public database that later gets compromised (e.g. plenty of people know their own SSIDs). Then, through no fault of Mozilla's, there's some 0day announced for my router. Now, every script kiddie in the neighborhood's using metasploit against a pre-selected list of vulnerable routers, potentially even remotely depending on their ability to integrate information from other sources. Maybe that sounds like more of a security issue than a privacy issue, but at some point, the effect is the same.
As you said, that's not a privacy issue but a security one. Also, in your example I'd argue it would just be easier to attack every single IP address and/or WAP rather than attempt to figure out which ones are Linksys and running a vulnerable firmware. It would take less time and also solves the case of non-default SSID names.
I'm still interested in seeing an example of how linking SSIDs to physical locations is a violation of privacy. Especially compared to, say, linking my full legal name to my house address which is already treated as public knowledge.
I don't think you'll like my answer, but I think it was Schneier who said that it's not necessarily any one thing: it's having easy access to a bunch of different things, together.
I believe that according to law, the onus is on the owner in question to make sure their WiFi Router is secure. If a hacker takes control of your router, and downloads pirated material, you are considered responsible if you didn't take even necessary steps to protect yourself. Then you sue the manufacturer, and all routers come with a set of different passwords and _no_map by default. That is the most likely logical course of action.
Everything else is idealizing. Same as with video and with DRM. Mozilla could take a principled stance and say no to patented codes and no to DRM, and then Google says yes to both of those things, reaps the benefits, while the end consumer abandons Mozilla because it doesn't play YouTube or Netflix, and then Mozilla is no more.
If you don't like it, you can fork Firefox and/or choose not to trust Mozilla. The situation is super sad, but what else can you do? Be principled and disappear? Or compromise and survive?
i never disputed the lawfulness of doing this--in fact i explicitly acknowledged it in my last comment.
i'm not making any legal claims to privacy--just pointing out that collecting everything that's lawful to collect runs counter to mozilla's policy stance of being committed to users' privacy.
> seeing mozilla move in this direction while talking about how much they respect everyone's privacy is a strategic stumble indeed.
Yup. I'm as heartbroken as I can be with a company.
A "hand-washing" attitude towards privacy from Google, Facebook or a telco is expectable. But from Mozilla? This saddens me, way more than the support of DRM in the web.
agree completely--it's one thing to do this sort of thing (it's probably legal, etc.), but to do it while claiming to be fighting for user privacy is really galling to me.